                      +------------------+
                      |                  |
                      |       Okta       |<------+
                      |                  |       |  AuthorizedKeysCommand
                      +------------------+       |  Get list of Okta groups
                                                 |  the user is assigned
                                                 |  permits access with signed key
+-------------+                       +---------------------+
|             |                       |                     |
|             |<------------------+-->|                     |  user account is added on
|     CA      |                   |   |       AWSHost       |  the fly if it does not
|   step-ca   |<---------+        |   |                     |  exist
+-------------+          |        |   |                     |  AuthorizedKeysCommand
                         |        |   +---------------------+
                         |        |
                         |        |
               +--------------------+
               |                    |  Uses ProxyCommand to generate ssh certificate
               |  End User Laptop   |  using step ca ssh. Authenticates with SAML
               |                    |  to Okta. Completes ssh to awshost with signed
               |    ssh awshost     |  certificate
               +--------------------+
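
The host-side check in the diagram (AuthorizedKeysCommand looks up the user's Okta groups and only then trusts a CA-signed key) could be implemented as below. This is an added example, not code from the gist: it assumes the command emits an OpenSSH `cert-authority` line, and the group name, the lookup function, the sample group data and the placeholder CA key are all hypothetical. On-the-fly account creation is not covered.

```python
import re
import sys

# Constructed sample data. A real helper would query Okta for the user's
# groups and read the step-ca SSH user CA public key from disk.
SAMPLE_CA_PUBKEY = "ssh-ed25519 AAAA_PLACEHOLDER_USER_CA_KEY"
SAMPLE_OKTA_GROUPS = {"alice": {"Everyone", "ssh-prod"}, "bob": {"Everyone"}}
ALLOWED_GROUPS = {"ssh-prod"}  # hypothetical group that grants SSH access

# Conservative login-name pattern. The name is interpolated into an
# authorized_keys option string, so quotes, commas and newlines must
# never get through.
_USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def sample_lookup(username):
    """Stand-in for the Okta group lookup (assumption, runs offline)."""
    return SAMPLE_OKTA_GROUPS.get(username, set())


def authorized_keys_lines(username, lookup_groups, ca_pubkey, allowed_groups):
    """Return the lines an AuthorizedKeysCommand would print for username.

    An empty list means sshd sees no trusted key and the login fails.
    """
    # fullmatch, not match: "alice\n" must not pass.
    if not _USERNAME_RE.fullmatch(username):
        return []
    # Fail closed: no overlap with the allowed groups means no trust line.
    if not set(lookup_groups(username)) & set(allowed_groups):
        return []
    # Trust certificates signed by the CA, but only when the certificate
    # lists this login name as a principal.
    return [f'cert-authority,principals="{username}" {ca_pubkey}']


if __name__ == "__main__":
    # sshd would pass the login name as an argument (e.g. via the %u token).
    user = sys.argv[1] if len(sys.argv) > 1 else "alice"
    for line in authorized_keys_lines(
        user, sample_lookup, SAMPLE_CA_PUBKEY, ALLOWED_GROUPS
    ):
        print(line)
```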
Created September 26, 2019 18:54